Exploitdb Exploits
2,809 exploits tracked across all sources.
htpasswd Apache 1.3.31 - Local Overflow
by Luiz Fernando Camargo
Ipswitch WhatsUp Gold 7.0/8.0 - Notification Instance Name Remote Buffer Overflow
by anonymous
efs_web_server 1.25 - Denial of Service via Large HTTP Requests
Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to cause a denial of service (CPU consumption or crash) via many large HTTP requests.
by GulfTech Security
BadBlue 2.5 - Denial of Service via Excessive Connections
BadBlue 2.5 allows remote attackers to cause a denial of service (refuse HTTP connections) via a large number of connections from the same IP address.
by GulfTech Security
PHPMyWebHosting <0.3.4 - SQL Injection
SQL injection vulnerability in pmwh.php in PHPMyWebHosting 0.3.4 and earlier allows remote attackers to modify SQL statements via the password parameter.
by Noam Rathaus
PlaySMS 0.7 and earlier - SQL Injection via vc2 Cookie
SQL injection vulnerability in the valid function in fr_left.php in PlaySMS 0.7 and earlier allows remote attackers to modify SQL statements via the vc2 cookie.
by Noam Rathaus
AppleFileServer <10.3.3 - Buffer Overflow
Stack-based buffer overflow in AppleFileServer for Mac OS X 10.3.3 and earlier allows remote attackers to execute arbitrary code via a LoginExt packet for a Cleartext Password User Authentication Method (UAM) request with a PathName argument that includes an AFPName type string that is longer than the associated length field.
by Dino Dai Zovi
BlackJumboDog 3.x - Remote Code Execution via Long FTP Commands
Buffer overflow in BlackJumboDog 3.x allows remote attackers to execute arbitrary code via long FTP commands such as (1) USER, (2) PASS, (3) RETR,(4) CWD, (5) XMKD, and (6) XRMD.
by Tal Zeltzer
SoX 12.17.2-12.17.4 - Remote Code Execution via WAV File Header Fields
Multiple buffer overflows in the st_wavstartread function in wav.c for Sound eXchange (SoX) 12.17.2 through 12.17.4 allow remote attackers to execute arbitrary code via certain WAV file header fields.
by Serkan Akpolat
Microsoft Systems Management Server 2.50.2726.0 - Denial of Service via Malformed TCP Packet to Port 2702
The Remote Control Client service in Microsoft's Systems Management Server (SMS) 2.50.2726.0 allows remote attackers to cause a denial of service (crash) via a data packet to TCP port 2702 that causes the server to read or write to an invalid memory address.
by MacDefender
Apache httpd 2.0.49 - DoS/Buffer Overflow
The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
by bkbll
Samba 3.0.2-3.0.4 - Remote Code Execution via SWAT HTTP Basic Authentication Buffer Overflow
Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba 3.0.2 to 3.0.4 allows remote attackers to execute arbitrary code via an invalid base-64 character during HTTP basic authentication.
by Noam Rathaus
Serena TeamTrack 6.1.1 - Info Disclosure & XSS
Serena TeamTrack 6.1.1 allows remote attackers to obtain sensitive information such as user names, versions, and database information, and conduct cross-site scripting (XSS) attacks, via a direct request to tmtrack.dll with modified LoginPage and Template parameters.
by Noam Rathaus
Polar HelpDesk 3.0 - Unauthenticated Authentication Bypass via Cookie Manipulation
Polar HelpDesk 3.0 allows remote attackers to bypass authentication by setting the UserId and UserType values in a cookie.
by Noam Rathaus
NetSupport DNA HelpDesk 1.01 - SQL Injection via problist.asp where Parameter
SQL injection vulnerability in problist.asp in NetSupport DNA HelpDesk 1.01 allows remote attackers to execute arbitrary SQL commands via the where parameter.
by Noam Rathaus
LBE Web Helpdesk <4.0.0.81 - SQL Injection
SQL injection vulnerability in jobedit.asp in Leigh Business Enterprises (LBE) Web Helpdesk before 4.0.0.81 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Noam Rathaus
Internet Software Sciences Web+Center 4.0.1 - SQL Injection
Multiple SQL injection vulnerabilities in Internet Software Sciences Web+Center 4.0.1 allow remote attackers to execute arbitrary SQL commands via (1) the ISS_TECH_CENTER_LOGIN cookie in search.asp and (2) one or more cookies in DoCustomerOptions.asp.
by Noam Rathaus
Microsoft Systems Management Server 1.2/2.0 - Remote Denial of Service
by HexView
phpBB 2.x < 2.0.11 - Remote Code Execution via Double-Encoded Highlight Parameter
viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which is then processed by PHP exec, as exploited by the Santy.A worm.
by sasan hezarkhani
MySQL 4.1.x < 4.1.3 and 5.0 - Unauthenticated Authentication Bypass via Zero-Length Scrambled String
The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to bypass authentication via a zero-length scrambled string.
by Eli Kara
InterBase and Firebird < 1.5 - Denial of Service via Long Database Name
Buffer overflow in ibserver for Firebird Database 1.0 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows remote attackers to cause a denial of service (crash) via a long database name, as demonstrated using the gsec command.
by Aviram Jenik
Asterisk PBX 0.7.x - Multiple Logging Format String Vulnerabilities
WinAgents TFTP Server 3.0 - Remote Buffer Overrun
by Ziv Kamir
BlackBoard Learning System 6.0 - Dropbox File Download
by Maarten Verbeek
By Source